Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22847
HistoryDec 01, 2009 - 12:00 a.m.

[oCERT-2009-017] PHP multiple issues

2009-12-0100:00:00
vulners.com
13
JSON

#2009-017 PHP multiple issues

Description:

PHP, an open source scripting language, suffers from several bugs that may
pose a security risk.

The reported issues have been discovered in several API functions, issues
include buffer overflows, near null reads/writes, arbitrary memory read
and an off-by-one issue. Some of the issues have been previously reported
in older versions of PHP but they either have not been fixed or they were
re-introduced in a later time. The issues have been discovered in both
core and, in some cases, PECL functions/classes/methods.

The following methods have been fixed.

ibase_pconnect
ibase_connect
com_print_typeinfo
popen
mssql_connect
mssql_pconnect
SplFileObject
DOMImplementation->createDocumentType
documentation()->public_id
SDO_DAS_ChangeSummary->beginLogging
SDO_DAS_Setting->getPropertyIndex
SDO_SequenceImpl->getProperty

The following methods have been removed in PHP 5.3, they are still
available without fixes in 5.2.11.

msql_close
msql_connect
msql_pconnect
msql_select_db
msql_list_tables

Affected version:

PHP < 5.3.1

Fixed version:

PHP >= 5.3.1

Credit: vulnerability report received from Emmanouel Kellinis, KPMG London.

CVE: N/A

Timeline:

2009-07-10: vulnerability report received
2009-07-15: contacted PHP security team
2009-07-15: vendor provides initial feedback, classifies the security
impact as low
2009-08-09: oCERT asks for feedback about the timescale for eventual fixes
2009-08-24: vendor replies that most issues will not be fixed as they are
present in deprecated extensions or are not understood
2009-08-25: reporter offers to clarify all the issues and provides test
cases
2009-08-26: after reporter feedback vendor commits more fixes
2009-10-05: reporter asks clarification about fixed/pending bugs
2009-10-27: after further reporter feedback vendor commits more fixes
2009-11-30: advisory published

References:
http://svn.php.net/viewvc?view=revision&amp;revision=289996
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/interbase/interbase.c?r1=272370&amp;r284159
http://svn.php.net/viewvc?view=revision&amp;revision=287779
http://svn.php.net/viewvc/php/php-src/trunk/TSRM/tsrm_win32.c?r1=287673&amp;r2=287779
http://www.php.net/ChangeLog-5.php#5.3.1

Permalink:
http://www.ocert.org/advisories/ocert-2009-017.html


Andrea Barisani | Founder & Project Coordinator
oCERT | Open Source Computer Emergency Response Team

<[email protected]> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"

JSON